If a risk assessment and business impact analysis (BIA) indicate that the loss of ISP connectivity may result in a severe impact to the business, then a backup ISP connection should be implemented.

Description: Businesses that need to host 24/7 services with high availability and minimal downtime must carefully consider options for maintaining continuity during an Internet Service Provider (ISP) outage. Organizations often place blind trust in their ISPs to deliver a constant flow of connectivity. However, ISPs can experience outages, and this represents a potential risk that must be addressed proactively.

Risk assessments and business continuity planning should specifically account for this possibility. For businesses that provide critical services—such as public web applications or databases—where a connectivity outage could cause severe operational or financial impact, investing in a secondary, redundant ISP may be worthwhile.

Implementing this control involves purchasing an additional Internet service plan from a separate ISP and configuring it as a failover link. This eliminates the primary ISP as a single point of failure, allowing critical services to continue functioning during an outage.

Organizations considering this approach should conduct thorough due diligence, including a detailed cost-benefit analysis. Senior management and other relevant stakeholders must be engaged in the decision-making process. If the BIA indicates that the potential losses from service downtime exceed the cost of maintaining a secondary ISP, implementing this redundancy can be considered a justifiable and prudent measure.